Summary Of Mobile Threats For Year 2005


06 April 2006

The first mobile threat, Cabir.A, appeared in 2004 and showed that a mobile phone threat could exist as a proof-of-concept application. However, most Symbian malware is still quite primitive, and most of it is not in the form of executable code.

Cabir.A is able to replicate itself via Bluetooth to devices that support the Symbian Series 60 user interface platform.

To date, Cabir.A has spread widely and has affected many countries, such as Malaysia, United States, United Kingdom, Italy, Russia, Indonesia, Japan, New Zealand, Australia, Singapore, etc.

Cell phone threats currently target only the Symbian Series 60 user interface platform because its user population has grown.

The year 2005 has shown us that more than 120 variants exist worldwide today, and that virus creators have been using Cabir as a basis for creating more damaging malware.

What worries anti-virus firms is that virus creators keep releasing their source code. A very good example: a Brazilian individual has been spreading the Cabir source code since last December, which has now led to more than 26 variants being detected as Cabir variants!

Understanding Basic Symbian File System

The Symbian file system can be divided into four groups, whose functions are summarized below:

Type of drive and its functions:

Drive C: Acts as flash RAM and contains user-installed applications and user data such as phonebook data, multimedia files, messaging data, etc.
Drive D: Acts as temporary RAM that stores temporary files for applications and also some data about WAP content.
Drive E: Acts as the media card drive, which enables the user to expand the memory storage by using an appropriate card to store applications, pictures, videos and songs.
Drive Z: Acts as the OS ROM, the “heart” of the OS, which contains most of the system and application files.

What is a Mobile Phone Virus and how does it spread?

A cell phone virus is a proof-of-concept application that can be described in the same way as a computer virus: it installs itself on the targeted device and executes its malicious code to “infect” the phone with preset commands.

Currently, cell phone viruses spread using:

  • Bluetooth Wireless Technology

The virus is capable of replicating itself within the 10-metre Bluetooth wireless range, searching for Bluetooth devices that are active in discovery mode. Upon detection, a screen pops up as shown below:

If the user clicks Yes, he risks being infected by this suspicious file: without good mobile security practice, he may proceed to the installation process.

Users should be aware that installing an application without a valid certificate exposes them to a very high risk of cell phone virus infection, and they should install only applications that are trustworthy.

  • Multimedia Messaging Services (MMS)

In January 2005, a new type of mobile virus, capable of spreading not only via Bluetooth but also via MMS, attracted public attention, and AV firms consider this the most effective way for mobile viruses to replicate themselves.

Besides, it is able to generate different codes when sending itself via MMS to contacts found by scanning the user's phonebook. This may confuse other innocent users with less exposure to mobile security knowledge into proceeding with the installation, which gives the cell phone malware the opportunity to execute.

In any case, users should be aware that a third-party application that doesn’t contain a valid certificate might be a virus!

  • Fake games, applications and security patches on Warez/Shareware sites.

This is another channel that cell phone virus developers use to spread their work: most people like to browse such sites to get “free” stuff and are not aware that it has actually been packed with mobile trojans/malware.

This year, cell phone malware has been disguised as mobile security software, security patches, desirable games and applications, and also as the most-wanted themes containing pornographic content.

Evolution of Cell Phone Viruses

  • June 2004—Cabir detected. It is a proof-of-concept application that is able to spread itself via Bluetooth devices and executes only on the Symbian Series 60 User Interface Platform.
  • August 2004—Qdial found. It is capable of sending premium-rate messages to a multimedia provider, causing unwanted charges, and it spreads inside the famous camera-shooting Mosquito game. Users in the United Kingdom, Germany, the Netherlands, and Switzerland are affected by this Trojan.
  • November 2004—Skulls.A Trojan found. It replaces application icons with a skull icon and disables the infected applications from running by placing a non-functional file into the targeted system.
  • December 2004—Mgdropper detected. It prevents the user from uninstalling it and is disguised as the famous PC game Metal Gear.
  • December 2005—Lasco.A reported. Besides spreading via Bluetooth, it is able to infect other *.SIS files by injecting itself into the targeted *.SIS installation file.
  • February 2005—Locknut.A found. It is capable of disabling certain applications on the phone and causing the phone system to crash. Only installing a disinfection tool can fix it.
  • March 2005—Dampig.A Trojan found. It is capable of preventing targeted applications from running, and it is also packed together with several Cabir variants.
  • April 2005—Fontal.A reported. It is the first cell phone virus capable of preventing the phone from rebooting, causing user data to be lost needlessly.
  • April 2005—Hobbes.A found. It only crashes the phone menu system on phones running older Symbian OS versions.
  • April 2005—71 cell phone trojans found, most of them packed inside the most-wanted applications and games.
  • July 2005—OneHoop.A and Booton.A Trojans found. They are capable of spreading simultaneously via Bluetooth and replace the phone icon with a heart-shaped icon.
  • July 2005—Cadomesk.A/B found. It disables a large number of applications and spreads Cabir variants after it has been installed.
  • July 2005—Skudoo.B found. It claims to be a famous game called Splinter Cell.
  • July 2005—Mabtal.A detected. It is able to trick the user into rebooting the phone automatically once the user accesses the installed application.
  • August 2005—Blankfont.A Trojan found. It is capable of making the phone's captions invisible, so that the user cannot distinguish options and menu properties.
  • September 2005—DoomBoot.A found. It causes the phone to fail to boot on the next restart.
  • September 2005—Multidropper.A and its variants found. It contains a large number of repacked Trojans that crash the phone system.
  • October 2005—Commwarrior.C reported. It is able to protect itself against manual deletion or removal by the user. In addition, it is able to change the user's wallpaper and operator logo, and when the user accesses a WAP site, it links to the creator's homepage about the worm. Only installing the right disinfection tool or anti-virus application will fix it.
  • November 2005—CardTrap.A found. It is the first cell phone trojan bundled with PC malware, and it is capable of disabling a large number of applications on the phone.
  • November 2005—CardBlock.A found. It is capable of preventing the phone from starting up, and also of locking the media card with a random password to keep the user from accessing their data.
  • December 2005—PbSender.A, PbSender.B and PbSender.C found. They are capable of packing the user's PhoneBook, Calendar, To-Do and Notes into a text file and sending it through Bluetooth, accessing user data without the user's permission or confirmation.

The Future of Mobile Viruses. Will they die?
Or Will They Just Evolve into Something MORE?

For the year 2005, the number of mobile viruses has reached about 120, including variants.

The Symbian operating system now has an 80.5% market share. Just as virus writers focus on Microsoft's OS and create viruses for it, the same applies to Symbian OS: because its user population has grown, Symbian Series 60 has become the favorite target for virus writers creating more mobile malware.

The Commwarrior incident best illustrates that telcos have taken notice: certain operators, such as T-Mobile, TeliaSonera and Elisa, have been cooperating with the F-Secure anti-virus company to fight mobile malware and protect their customers from infection.

Right now, most cell phone viruses are only repacked material made by annoying kids who just want credit, but if we study them carefully, we notice that there are only 4 real Symbian OS virus creators, namely Lab 29A, Velasco, el01dr and Lajel. Will there be any new virus creators in the future? In my view, there will still be a small number of new creators, and the number may increase from time to time. What worries AV firms most is that virus creators post their source code on the internet and turn it into an open-source project, which may lead to a large number of variants being created!

Mobile threats will never stop, and virus creators are trying to exploit as many security vulnerabilities as they can. For now, Symbian OS contains many “holes”, which may give them the chance to exploit the vulnerabilities of the operating system. More Symbian users will therefore be affected by mobile malware if they do not take care in handling suspicious files that might be malware or other threats.

However, we can see some “light” from Symbian in its improved security features. Symbian is dealing with "eclipsing" in its new executable format. Eclipsing is where the loader loads DLLs located on a higher-order drive (e.g. the C drive) to dynamically replace files in the firmware (Z drive). Therefore, "Skulls trojan" attacks no longer function from Symbian OS v9.0 onwards.
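The eclipsing behaviour described above can be audited from a plain file listing of the phone. The following is an added example, not code from the original article: it reports files on writable drives that sit at the same path as a firmware (Z:) file. The set of writable drives, the case-insensitive path comparison, and the sample paths and sizes are assumptions constructed for illustration.

```python
from collections import defaultdict

ROM_DRIVE = "Z"
# Assumption: these writable drives can shadow the ROM, per the drive table above.
WRITABLE_DRIVES = ("C", "D", "E")

def split_path(path):
    """Return (drive letter, normalised path without the drive) for 'C:\\dir\\file'."""
    drive, _, rest = path.partition(":")
    # Assumption: paths are compared case-insensitively.
    return drive.strip().upper(), rest.replace("/", "\\").lower()

def find_eclipsed(listing):
    """Map each ROM file to the writable-drive copies found at the same path."""
    rom = {}
    for path, _size in listing:
        drive, rel = split_path(path)
        if drive == ROM_DRIVE:
            rom[rel] = path
    shadows = defaultdict(list)
    for path, size in listing:
        drive, rel = split_path(path)
        if drive in WRITABLE_DRIVES and rel in rom:
            shadows[rom[rel]].append((path, size))
    return dict(shadows)

def report(listing):
    """Return (rom_path, shadow_path, size_differs) for every eclipsed ROM file."""
    sizes = dict(listing)
    findings = []
    for rom_path, copies in sorted(find_eclipsed(listing).items()):
        for path, size in copies:
            findings.append((rom_path, path, size != sizes[rom_path]))
    return findings

# Constructed sample listing: paths and sizes are illustrative, not from a real device.
SAMPLE = [
    ("Z:\\System\\Apps\\Menu\\Menu.app", 48212),
    ("Z:\\System\\Apps\\Phonebook\\Phonebook.app", 91340),
    ("C:\\System\\Apps\\Phonebook\\Phonebook.app", 1744),
    ("C:\\System\\Apps\\Mygame\\Mygame.app", 20480),
    ("E:\\system\\apps\\menu\\menu.app", 1744),
]

if __name__ == "__main__":
    for rom_path, shadow, size_differs in report(SAMPLE):
        note = "size differs from ROM copy" if size_differs else "same size as ROM copy"
        print(f"{shadow} eclipses {rom_path} ({note})")
```

A shadowing copy that is much smaller than the ROM original is consistent with the non-functional replacement files described for Skulls.A, while an application that exists only on C: (the constructed `Mygame.app` entry) is not reported.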

There are still some undiscovered methods of infection that have not been reported yet, but I expect there will be in the future, as virus creators always come up with new ideas and different infection methods to cause effective damage to the phone and also the computer.

For example, they can lock the user's data, self-replicate, protect themselves and also format the phone's data without user authorization.


About author:
Calvin Tang was born in Malaysia in 1988 and currently works as an independent mobile malware researcher for an anti-virus firm. He specializes in researching mobile malware and is capable of analyzing minor parts of mobile malware.

He started his research work in April 2005, and to date he has discovered about 70+ mobile malware samples that exist on the internet. He has posted his analysis reports on them in several forums to draw public attention to new malware.

He also released his first disinfection tool, “CalvinStinger”, to the public in December 2005. He is now working on the latest version of the disinfection tool and publishing his first white paper, titled “Summary Of Mobile Threats For Year 2005”.

Currently, he is still studying in high school and will complete his high school studies this November.

Source: Symbian Freak Author: Apocalypso


copyright © Symbian freak 2005, all rights reserved
